International Referred Research Journal, October 2011, ISSN-0975-3486, RNI: RAJBIL 2009/30097, VOL-III * ISSUE 25

Research Paper
Analysis of DHCP and IGMP Snooping Approaches by Exploring Query Snooping Configuration Algorithms from Web Text Database
October, 2011 * Pankaj Dadhich
* Research scholar, Singhania University, Rajasthan.
ABSTRACT
DHCP snooping and IGMP snooping both work at layer 2 on a network switch, but in different ways. DHCP snooping confirms a trusted host as an authorized host from its IP address and MAC address for access to the web text database server via the DHCP server by snooping queries, and blocks non-trusted hosts and rogue servers. It maintains IP integrity and monitors packets between server and clients by query snooping. IGMP snooping analyzes all IGMP packets between hosts and the multicast router, to prevent hosts on a local network from receiving traffic for a multicast group that they have not explicitly joined by queries. It controls the flooding of multicast traffic by dynamic configuration methods, forwards this traffic only to those interfaces associated with multicast devices, and updates multicast group membership on a port-by-port basis.

INTRODUCTION OF DHCP SNOOPING

DHCP snooping is a layer-2 security feature for DHCP that is used to track the physical location of hosts, confirm the host IP address, and ensure that only authorized hosts access the DHCP server. It filters harmful DHCP messages and builds a bindings database of tuples that are considered authorized. DHCP snooping also stops attackers from adding their own rogue servers to the network. When DHCP servers are allocating IP addresses to the clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security of the LAN, so that only clients with specific IP/MAC addresses have access to the network. DHCP snooping stores the bindings in a file at a configured location, and the switch reads the file for the database bindings through the database agent. It acts as a firewall between non-trusted hosts and the DHCP server: non-trusted interfaces connect to end users, and trusted interfaces connect to the DHCP server or another switch. A non-trusted message is one received from outside the network or firewall. The binding database table has various attributes, such as MAC Address, IP Address, VLAN, interface, VLAN ID, Type, Lease Time, and Web. The Binding Database Page contains parameters for querying and adding IP addresses to the DHCP Snooping Database. Only specific IP addresses with specific MAC addresses on specific ports may access the IP network. Option-82 is used as an identifier for multiple hosts in the LAN for implementing security control and accounting.

Figure 1: DHCP Snooping Process (labels: DHCP server, Internet, switch, DHCP client, network device).

1.2 INTRODUCTION OF IGMP SNOOPING

IGMP snooping is a layer-2 protocol that dynamically controls multicast traffic. When IGMP snooping is enabled on a switch, it analyzes all IGMP packets between the switch and the multicast routers in the network. IGMP snooping prevents multicast traffic from being flooded to hosts on a local network that have not explicitly joined the group. IGMP snooping provides a method for intelligent, targeted forwarding of multicast packets within a broadcast domain. The IGMP Querier periodically updates each end device in the network. IGMP Query supports multiple IGMP Queriers in the network. If there are multiple Queriers, the IGMP Querier with the lowest IP address acts as the network Querier. If the switch does not receive updated membership information in time, it stops forwarding multicasts to the delinquent port where the end device is located.

Figure 2 (labels: IGMP router, IGMP query message, IGMP snooping switch, IGMP report and leave message, host / client).

2. ANALYSIS OF DHCP AND IGMP SNOOPING APPROACHES

2.1 Similarities:- DHCP and IGMP snooping have some similarities. Both:
- Are layer-2 techniques and work on the switch.
- Are used to stop unauthorized data access in the network. The techniques are used for data or message snooping.
- Work globally and on a per-VLAN basis (VLAN id range 1 to 1001 and 1006 to 4094).

2.3 Difference:- DHCP and IGMP snooping have various differences, which are listed in Table 2.

CONCLUSION :- Both snooping techniques have some common factors, but they work in different ways and in different areas. DHCP snooping is mainly used for stopping non-trusted hosts and for protecting the DHCP service from rogue servers. It works on the switch, and its criterion is a trusted host for message transactions with the DHCP web text database server. The DHCP snooping binding database contains MAC address, IP address, lease time, binding time, VLAN no., interface id and web URL. It also protects against the DHCP server spoofing attack, the DHCP address exhaustion attack and IP address hijacking. IGMP snooping is an important technique that analyzes all IGMP packets between hosts and the multicast router in the network and prevents hosts on a local network from receiving traffic for a multicast group that they have not explicitly joined. It controls the flooding of multicast traffic by dynamic configuration methods, forwards this traffic only to those interfaces associated with multicast devices, updates multicast group membership on a port-by-port basis, and also prevents duplicate reports from being sent to multicast devices by report suppression. The IGMP snooping querier supports snooping where the multicast traffic is not routed and also periodically updates the status of attached devices. If we want complete security from host to web server, we should use DHCP snooping and IGMP snooping in combination.
2.2 Default configuration table:

| Sno. | Contents | DHCP snooping | IGMP snooping |
|------|----------|---------------|---------------|
| I | By default status on switch | Disable | Enable |
| II | Snooping on VLAN | Disable | Enabled globally and per VLAN |
| III | Snooping information option | Enable | Enable |
| IV | Snooping limit rates | None | None |
| V | Snooping trust | Non trusted | None |
| VI | Option 82 on non-trusted port features | Disable | None |
| VII | Multicast routers | None | None configured |
| VIII | Multicast router learning method (snooping) | None | PIM-DVMRP |
| IX | Snooping Immediate Leave | None | Disabled |
| X | Static groups | None | None configured |
| XI | TCN flood query count | None | 2 |
| XII | TCN query solicitation | None | Disable |
| XIII | Snooping querier | Disable | Disable |
| XIV | Report suppression | Disable | Enable |
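
The trusted and non-trusted port handling and the binding database that the paper describes for DHCP snooping can be modelled in a few lines. This is an added example, not code from the paper: the class `SnoopingSwitch`, the port names and the MAC and IP addresses are constructed for illustration, and a binding row holds only a subset of the attributes the paper lists.

```python
from collections import namedtuple
Binding = namedtuple("Binding", "mac ip vlan port lease")  # one binding-table row
SERVER_TYPES = {"OFFER", "ACK", "NAK"}   # messages only a DHCP server sends

class SnoopingSwitch:                      # hypothetical toy model of the switch
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # every other port is non-trusted
        self.bindings = {}                 # (mac, vlan) -> Binding
        self.pending = {}                  # (mac, vlan) -> port of requesting client

    def handle(self, port, vlan, src_mac, msg):
        """Return 'forward' or 'drop: <reason>' for a DHCP message seen on port."""
        key = (msg["chaddr"], vlan)
        if port in self.trusted:
            if msg["type"] == "ACK" and key in self.pending:
                self.bindings[key] = Binding(msg["chaddr"], msg["yiaddr"], vlan,
                                             self.pending.pop(key), msg["lease"])
            return "forward"
        if msg["type"] in SERVER_TYPES:
            return "drop: server message on non-trusted port"
        if src_mac != msg["chaddr"]:
            return "drop: source MAC does not match client hardware address"
        if msg["type"] in ("RELEASE", "DECLINE"):
            bound = self.bindings.get(key)
            if bound is None or bound.port != port:
                return "drop: no binding for this host on this port"
            del self.bindings[key]
        else:
            self.pending[key] = port       # DISCOVER / REQUEST from a client
        return "forward"

    def permits(self, port, vlan, mac, ip):  # data-traffic check against bindings
        b = self.bindings.get((mac, vlan))
        return b is not None and (b.ip, b.port) == (ip, port)

def demo():  # constructed traffic: honest client on Gi0/1, rogue host on Gi0/7
    sw = SnoopingSwitch(trusted_ports={"Gi0/24"})
    client, rogue = "00:11:22:33:44:55", "02:00:00:00:00:07"
    req = {"type": "REQUEST", "chaddr": client}
    rel = {"type": "RELEASE", "chaddr": client}
    ack = {"type": "ACK", "chaddr": client, "yiaddr": "10.0.10.20", "lease": 3600}
    return [
        sw.handle("Gi0/1", 10, client, req),                # client request
        sw.handle("Gi0/7", 10, rogue, ack),                 # rogue server reply
        sw.handle("Gi0/24", 10, "02:00:00:00:00:24", ack),  # real server reply
        sw.handle("Gi0/7", 10, client, rel),                # forged release
        sw.permits("Gi0/1", 10, client, "10.0.10.20"),
        sw.permits("Gi0/7", 10, client, "10.0.10.20"),
    ]
```

The binding is learned only from the ACK that arrives on the trusted port, so the rogue reply never creates or alters a row, and the same MAC/IP pair is refused on any port other than the one it was learned on.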
TABLE:- 2

| Sno | DHCP Snooping | IGMP Snooping |
|-----|---------------|---------------|
| I | By default, snooping on VLAN: disabled. | By default, snooping on VLAN: enabled. |
| II | Transmits trusted host packets / messages to the DHCP server. | Transmits packets of hosts to the router in a controlled way. |
| III | Blocks non-trusted hosts. | Stops all host flooding. |
| IV | Works between hosts and DHCP server. | Works between host and router. |
| V | Builds snooping database of non-trusted messages. | Prepares IGMP report of connecting host information. |
| VI | Uses special tools for snooping: | Uses special tools for snooping: |
| 1 | Option 82 is used as an identifier for multiple hosts in the LAN for implementing security control and accounting. | Multicast controlling methods such as CGMP / PIM-DVMRP. |
| 2 | Configure the DHCP snooping packet limit rate up to 100 pps only for non-trusted interfaces; for trusted interfaces, adjust the rate limit to a higher value. | The switch manages the forwarding table for new hosts connecting to an IGMP multicast group. |
| 3 | Verification of host MAC address. | Use IP multicast filtering to optimize switch network performance. |
| 4 | Configuration and display of the DHCP snooping database URL with related time-out values. | Prevent duplicate reports from being sent to multicast devices by the report suppression option. |
| 5 | Store the file on a TFTP server and avoid consuming storage space on the switch. | The IGMP snooping querier supports snooping where the multicast traffic is not routed and periodically updates each end device in the network. |
| 6 | Network-based URL (TFTP and FTP) required for file creation. | Use static multicast group which VLAN id. |
|   |   | Use TCN query solicitation because IGMP leave message to speed the process of recovering from the flood mode caused during a TCN event. |
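
The IGMP snooping behaviour described in the paper (forwarding only to ports with group members, dropping a port whose membership is not refreshed in time, and electing the querier with the lowest IP address) is modelled below. This is an added example, not code from the paper: `IgmpSnoopingSwitch`, the port names and the addresses are constructed, and the 260-second timeout is the IGMPv2 default group membership interval, used here as an assumption.

```python
import ipaddress

class IgmpSnoopingSwitch:                   # hypothetical toy model of the switch
    def __init__(self, router_ports, member_timeout=260):
        self.router_ports = set(router_ports)  # ports facing multicast routers
        self.timeout = member_timeout           # seconds allowed without a report
        self.members = {}                       # group -> {port: time of last report}

    def report(self, port, group, now):     # IGMP membership report (join/refresh)
        self.members.setdefault(group, {})[port] = now

    def leave(self, port, group):           # IGMP leave message
        self.members.get(group, {}).pop(port, None)

    def egress_ports(self, group, ingress, now):
        """Ports that receive a multicast frame for group arriving on ingress."""
        ports = self.members.get(group, {})
        for stale in [p for p, seen in ports.items() if now - seen > self.timeout]:
            del ports[stale]                 # membership was not refreshed in time
        return sorted((set(ports) | self.router_ports) - {ingress})

def elect_querier(candidates):
    """Among several queriers, the one with the numerically lowest IP wins."""
    return str(min(ipaddress.ip_address(c) for c in candidates))

def demo():  # constructed sequence of reports and leaves on one VLAN
    sw = IgmpSnoopingSwitch(router_ports={"Gi0/24"})
    group = "239.1.1.1"
    sw.report("Gi0/1", group, now=0)
    sw.report("Gi0/2", group, now=0)
    first = sw.egress_ports(group, "Gi0/24", now=10)
    sw.leave("Gi0/2", group)
    sw.report("Gi0/3", group, now=200)
    after_leave = sw.egress_ports(group, "Gi0/24", now=250)
    aged = sw.egress_ports(group, "Gi0/24", now=300)   # Gi0/1 last reported at 0
    unjoined = sw.egress_ports("239.9.9.9", "Gi0/24", now=300)
    return first, after_leave, aged, unjoined
```

Comparing the candidate addresses as parsed IP addresses rather than as strings matters for the election: a string comparison would rank 10.0.10.11 below 10.0.10.2.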